<?php  
class LoginModel extends Model{
	public $table='user';
	/**
	 * 登录
	 * @return [type] [description]
	 */
	public function login(){
		if (empty($_POST['username'])) {
			$this->error='用户名不能为空';return false;
		}
		if (empty($_POST['password'])) {
			$this->error='密码不能为空';return false;
		}
		if (empty($_POST['code'])) {
			$this->error='验证码不能为空';return false;
		}
		if (strtoupper($_POST['code'])!=$_SESSION['code']) {
			$this->error="验证码错误";return false;
		}
		$username=Q('username');
		//查找当前登录用户
		$user=$this->join("__user_role__ ur JOIN __user__ u ON ur.uid=u.uid JOIN __role__ r ON r.rid=ur.rid")->where("username='$username'")->find();
		if ($user['rid']!=1) {
			$this->error='无权限操作';return false;
		}
		if (empty($user)) {
			$this->error='该用户不存在';return false;
		}
		if ($user['password']!=md5($_POST['password'].$user['token'])) {
			$this->error='密码错误';return false;
		}
		$_SESSION['user']['uid']=$user['uid'];
		$_SESSION['user']['rid']=$user['rid'];
		$_SESSION['user']['role_name']=$user['role_name'];
		$_SESSION['user']['username']=$user['username'];
		return true;
	}
}
